Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Empris | Emergenices_personnel_information_system | 0.4 (including) | 0.4 (including) |
| Empris | Emergenices_personnel_information_system | 2001-08-10 (including) | 2001-08-10 (including) |
| Empris | Emergenices_personnel_information_system | 2001-09-08 (including) | 2001-09-08 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.securityfocus.com/bid/3391
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7215
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.securityfocus.com/bid/3391
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7215